Disney site phishing attempt - how would you handle?

[squirk]

This is really long. Sorry.

My MIL has taken multiple DCL cruises with us, and only two WDW trips. She has a Disney account to access both sites, but she leaves all the trip planning to me. She doesn’t really participate in Disney social media or message boards like this.

Last week, she got an e-mail from a TA named “Nicki Caylor” with “*************.com”, with a few other strangers CC’d, saying how excited she was about the upcoming WDW trip and that everyone needed to send her their Disney logins so she could set up FastPasses. We have no WDW trip planned, and have never ever heard of this woman or the travel agency.

So, obviously a phishing attempt. Out of curiosity, I went to that agency web site (with a TOR browser) and it seems to be a real agency and Nicki Caylor seems to be a real travel agent. The page looks totally legit and she has a real TA profile on Facebook with photos and posts and friends and reviews.

So either she and her agency are very elaborate frauds, or she has had her email account compromised and someone is posing as her to phish Disney account passwords.

But here is my problem - how in the world did they get my MIL’s email address in the first place? There is no reason Nicki Caylor should have had it. And, again, my MIL doesn’t really participate in the Disney community online. I would think if anyone was to be targeted, it would have been me, who is far more engaged online. I refuse to believe they simply pulled my MIL’s email out of a hat and just accurately guessed that she had a Disney account.

In short, Nicki Caylor (or whoever hacked her account) got my MIL’s email and Disney connection from somewhere. But again, we’ve never done business with these people.

• Did Go.com get hacked? Unlikely.
• Did my TA or her agency get hacked? Possibly.
• Did my MIL post something online somewhere, as a rare one-off, and someone harvested her e-mail that way? Also possible.
• Did my MIL’s email get hacked and someone was able to see saved emails discussing Disney and crafted this phishing scheme by hacking a legit TA’s email? Also possible, but that seems like a whole lot of work to nab Disney accounts, and anyone that sophisticated probably wouldn’t have crafted an e-mail that was so blatantly fake - e.g., referring to non-existent WDW trips.

My MIL and I were just going to ignore this email, but then this morning, she received two apparently legit emails from Disney asking her to valid her password reset request, which she never requested. She knows not to click on the validation link, thank goodness. But it’s clear that someone is really trying to get into her account.

This is stressing my MIL out, and she’s asking me what’s going on since I am the Disney planner in the family. I am not sure how to resolve.

• Do I reach out to this Nicki Caylor and let her know her email has been compromised? Or, if she’s part of the scam, will that just give her a valid phone number to attach to the e-mail? Again, even if she’s innocent, where the heck did “whoever” get my MIL’s email from?
• Do I call the agency, or does that pose the same risk if the agency itself is part of the scam?
• Do I call Disney? What, if anything, will they do about it?
• Or do we just keep ignoring it?

Thanks for reading!

 

[FCDub]

Good on your mother in law for being vigilant.

Not sure Disney will care, though, unfortunately. I wouldn’t bother contacting them.

 

[Dug720]

Does your mom go on FB? There is someone on there who has taken over a LOT of the FE groups and the tactics sound similar.

I would call Disney and ask for tech. My guess is they will have her change the password. And possibly have you forward the emails to them - I know my bank has me forward spam/fishing emails to them.

 

[Alesia]

I would contact the agency

Does your mom ever share those "like and share for a chance to win a free Disney trip" things?

 

[squirk]

Does your mom go on FB? There is someone on there who has taken over a LOT of the FE groups and the tactics sound similar.

I would call Disney and ask for tech. My guess is they will have her change the password. And possibly have you forward the emails to them - I know my bank has me forward spam/fishing emails to them.

She is on FB, but we never do FE groups. That's not to say that she didn't join one without me knowing. Worth asking her, though. Thanks!

 

[squirk]

I would contact the agency

Does your mom ever share those "like and share for a chance to win a free Disney trip" things?

Even though the agency looks legit, I worry that contacting them will validate that her email is valid, and they will now have captured my phone number or e-mail address as legit and active, too.

She may have joined those things on FB, but she's an intelligent woman. I'd be surprised if she participated in those "too good to be true" things online.

 

[Tink_83]

I would do nothing. It could very well be an elaborate phishing scheme with legitimate looking websites, etc. I know our social engineer typically sets up the fake site at least a few weeks in advance and will set up elaborate looking sites when we do this type of social engineering testing (I do IT security audits). If it is a legitimate company that has somehow been hacked that is on their security group to address. As far as how they got her email, any number of ways, including but not limited to spear phishing campaigns that target groups like us looking for email addresses, email list compromised from any number of sources, etc.

In the end I would change my passwords and do nothing else about it.

 

[georgina]

OR it could have been an honest mistake with an email address typo. Did it include her name specifically? I know I have sent texts and emails to the wrong people by mistyping their info.

 

[squirk]

OR it could have been an honest mistake with an email address typo. Did it include her name specifically? I know I have sent texts and emails to the wrong people by mistyping their info.

The original phishing email used her very unique email address. There is no legitimate reason this TA should have had her email address. Again, we have never done business with her or her agency.

 

[cakebaker]

Just change her passwords and don’t open emails you don’t recognize. There’s not much else you can do. This isn’t a Disney problem and they can’t do a thing about it. I get emails from TA’s all the time. Who knows how they got my email. I just ignore them.

 

[Disneynutinlondon]

Just to add *************.com is a valid travel agency who have agents working for them. We’ve used them to book and manage our holidays and we’re from the U.K.

I’d have no hesitation in contacting them as they’ve never tired anything like this with us and if they or one of their agents have indeed been hacked I’m sure they’d be very upset and they’d want to sort the issue out.

 

[squirk]

Just change her passwords and don’t open emails you don’t recognize. There’s not much else you can do. This isn’t a Disney problem and they can’t do a thing about it. I get emails from TA’s all the time. Who knows how they got my email. I just ignore them.

Never said it was Disney’s problem. I just didn’t know if they would be willing to slap extra security onto an account if requested, like two-factor authentication.

Getting unsolicited emails from TA’s is one thing. Getting multiple password reset attempts after a blatant spear-phishing attempt is a different story.

 

[Karin1984]

Just tell her it's phishing and ignore the e-mails. If she doesn't respond, there isn't much that can happen.
Same as when you receive a phishing e-mail from your bank, as long as you don't send them any of your log in details, and delete the e-mail.

 

[Tink_83]

Never said it was Disney’s problem. I just didn’t know if they would be willing to slap extra security onto an account if requested, like two-factor authentication.

Getting unsolicited emails from TA’s is one thing. Getting multiple password reset attempts after a blatant spear-phishing attempt is a different story.

Are the password reset attempts coming from the TA or her MDE account. If it is from her MDE account I would contact Disney. I doubt they will be able to implement MFA on her account since it’s not currently offered for end users (account management doesn’t work like that and implementing MFA is a headache to begin with for them- not for the end user - when offered you should use it). I would suspect that the most they could do is offer to help her set up a new account in MDE... if the password reset attempts are coming from the TA then just block that email address in your MIL email.

Again, at this point she should change all passwords to all accounts starting with those suspected to be compromised (or an attempt at compromise) then to banking and so forth (most people use the same email for all accounts so that can be used to try to rest their passwords). If you can I’d teach her how to use a service like lastpass which generates very secure passwords and you only need one password to get into the service. If you use something like that remember to ensue the password into the service must be very secure. Longer passwords are better. Good luck.

 

[squirk]

Are the password reset attempts coming from the TA or her MDE account. If it is from her MDE account I would contact Disney. I doubt they will be able to implement MFA on her account since it’s not currently offered for end users (account management doesn’t work like that and implementing MFA is a headache to begin with for them- not for the end user - when offered you should use it). I would suspect that the most they could do is offer to help her set up a new account in MDE... if the password reset attempts are coming from the TA then just block that email address in your MIL email.

Again, at this point she should change all passwords to all accounts starting with those suspected to be compromised (or an attempt at compromise) then to banking and so forth (most people use the same email for all accounts so that can be used to try to rest their passwords). If you can I’d teach her how to use a service like lastpass which generates very secure passwords and you only need one password to get into the service. If you use something like that remember to ensue the password into the service must be very secure. Longer passwords are better. Good luck.

I actually did call Disney, and they said they could find no record of a password reset request on their end.

So as others have recommended (thanks to you all), we’re just going to ignore these emails and reset passwords on our own.

It still bothers me not knowing how they got my MIL’s email and knew she had a Disney account, but I guess that mystery will have to go unsolved for now.

 

[jbehr12]

Could be data mining also. She could have put her email address in anywhere online (insurance quote, website registration, etc) and then had her email info sold.

 

[Wild4Walt]

My company is constantly getting phishing emails and as a company of over 500 people - some of who are not as tech savvy as others. It seems like at least once a year someone in the company falls prey to the phishing email, clicks on a link and then our IT people freak out ( understandably ).

Most likely, the agency got hacked and someone is using a legit looking email to pose as the agent. As you know, agents will never email you and ask for personal data unless you have contacted them 1st and even then the personal data in an email is very slim.

I'd check Better Business Bureau and make sure the company is legit. If it is, you can make a complaint through BBB regarding the phishing and BBB will work with the company regarding the complaint. Using BBB, then you don't need to contact the Agency if you don't want to.